The Department of Justice announced this week that it has charged a man that it thinks was involved in several cyber attacks against several universities, corporations and government agencies.
Twenty year old Timothy French was arrested in Tennessee by the FBI this week. The US government said that French was in a hacking organization called NullCrew. This group is well known for activist hacking, which is designed to shame the targets rather than steal money and data.
Federal authorities say that the have collected information on several cyberattacks against two colleges and three companies that they think were conducted by NullCrew. Some of the attacks caused thousands of username and password combinations to be published on the Internet.
In one of these attacks, over 3000 usernames, passwords and email addresses for a ministry of defense in a foreign government were released online. The Department of Justice has not released the names of universities and companies that were targeted in the attacks.
According to the US attorney on the case, cyber crime often involves new technology, but the underlying criminal activity is nothing new. It includes unlawful intrusion, stealing of confidential information, and causing financial harm to the victims. Hackers who believe that they can steal business and personal information anonymously from computer systems should know that the federal government is very determined to find them and to prosecute these sorts of illegal acts.
The DOJ stated that NullCrew used several Twitter accounts to announce more than 12 attacks against different victims. Some of them included the websites of two companies and eight computer serves that belong to a large company, which occurred in 2012. In both of these cases, the announcement had links to Pastebin posts, which allows the users to upload text files for other people to view. That information contained usernames and passwords belonging to those companies.
In November 2012, NullCrew stated on Twitter that it was attacking the website of a foreign government’s ministry of defense. That attack released over 3000 usernames, email address and passwords that belonged to members of that defense ministry.
The government affidavit also states that the FBI has worked with a confidential witness who was able to join online chats with NullCrew members. During such chats, NullCrew members talked about past, present and future hacking attack. They also shared computer vulnerabilities of various organizations and planned to release victim information.
The complaint alleges that French was involved in five cyber attacks that were launched by NullCrew in 2012 and 2013. In each case, information allegedly was hacked from the computers of the victims and was then released by NullCrew. These acts caused serious financial damages to the organizations that were targeted. They had to respond to the attacks, conduct damage assessments and have computer systems restored.